A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. Reference: https://github.com/ImageMagick/ImageMagick/issues/1515 Upstream commit: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24 https://github.com/ImageMagick/ImageMagick/commit/b4dd4d266f2d450a2996abf5294671d888991132
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1732279]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-12974